Montag, 5. November 2012

The onion Router - Tor is a service that helps you to protect your anonymity while using the Internet.

The goal of the Tor project
is to provide a censorship-resistant & safer access to the
Internet. It is the most widely used free & open source
anonymization technique in existence. It also makes it possible to host
services like websites in a secure and anonymous fashion ("hidden
services")

Obviously, TOR needs a large amount of servers. As the TOR network is
not a commercial organisation, it requires voluntary supporters. But this support can be easy achieved with your Raspberry Pi.

How it Works

Tor helps to reduce the risks of both simple and sophisticated traffic
analysis by distributing your transactions over several places on the
Internet, so no single point can link you to your destination. The idea
is similar to using a twisty, hard-to-follow route in order to throw off
somebody who is tailing you — and then periodically erasing your
footprints. Instead of taking a direct route from source to
destination, data packets on the Tor network take a random pathway
through several relays that cover your tracks so no observer at any
single point can tell where the data came from or where it's going.

Tor relays are also referred to as "routers" or "nodes." They receive
traffic on the Tor network and pass it along. Check out the Tor website
for a more detailed explanation of how Tor works.
There are three kinds of relays that you can run in order to help the Tor network: middle relays, exit relays, and bridges.

MIDDLE RELAY
For greater security, all Tor traffic passes through at least three
relays before it reaches its destination. The first two relays are middle relays
which receive traffic and pass it along to another relay. Middle relays
add to the speed and robustness of the Tor network without making the
owner of the relay look like the source of the traffic. Middle relays
advertise their presence to the rest of the Tor network, so that any Tor
user can connect to them. Even if a malicious user employs the Tor
network to do something illegal, the IP address of a middle relay will
not show up as the source of the traffic. That means a middle relay is
generally safe to run in your home, in conjunction with other services,
or on a computer with your personal files. See our legal FAQ on Tor for more info.

EXIT RELAYAn exit relay is the final relay
that Tor traffic passes through before it reaches its destination. Exit
relays advertise their presence to the entire Tor network, so they can
be used by any Tor users. Because Tor traffic exits through these
relays, the IP address of the exit relay is interpreted as the source of
the traffic. If a malicious user employs the Tor network to do
something that might be objectionable or illegal, the exit relay may
take the blame. People who run exit relays should be prepared to deal
with complaints, copyright takedown notices, and the possibility that
their servers may attract the attention of law enforcement agencies. If
you aren't prepared to deal with potential issues like this, you might
want to run a middle relay instead. We recommend that an exit relay
should be operated on a dedicated machine in a hosting facility that is
aware that the server is running an exit node. The Tor Project blog has
these excellent tips for running an exit relay. See our legal FAQ on Tor for more info.

BRIDGEBridges are Tor relays which are not publicly listed as part
of the Tor network. Bridges are essential censorship-circumvention tools
in countries that regularly block the IP addresses of all publicly
listed Tor relays, such as China. A bridge is generally safe to run in
your home, in conjunction with other services, or on a computer with
your personal files.

Setting up a TOR Middle Relay on a Raspberry Pi

It is really easy to set up a Raspberry Pi Tor Relay to help the TOR Project by gifting some of your Bandwidth from your internet connection and CPU-Power of your Raspberry Pi and a little bit of your electricity.

We need:

1x 2-4 GB SD-Card from your old digicam (a 8GB class10 is available for 7€ at amazon)

a Punnet case out Paper for 0$, selfbuilt with Lego ?$, cheapest plastic case on eBay for 8.9$, my case is the Pibow from Pimoroni for 17.95£

SUM: 45-50€ to run a Tor middle relay to boost and strenghten the TOR Project.

I am powering my Pi from my Router USB-Port, which saves me another micro-USB Power Supply Unit. Booting to the GUI (LXDE in Raspbian) is disabled. And the RAM for the GPU is set to a minimum. Maximum RAM for the ARM CPU.

When the installations is done, you have to edit the TOR configuration file.

Configuration FILE torrc

The file is available at location /etc/tor/ .

First make a backup of your torrc configuration file!$ sudo cp /etc/tor/torrc /etc/tor/torrc.backup

Edit the configuration file. $ sudo vi /etc/tor/torrc

You need to edit/change up to ~10 variables.

SocksPort 0## Tor opens a socks proxy on port 9050 by default -- even if you don't## configure one below. Set "SocksPort 0" if you plan to run Tor only## as a relay, and not make any local application connections yourself.
Log notice file /var/log/tor/notices.log

## Logs go to stdout at level "notice" unless redirected by something
## else, like one of the below lines. You can have as many Log lines as
## you want.
## We advise using "notice" in most cases, since anything more verbose
## may provide sensitive information to an attacker who obtains the logs.
## Send all messages of level 'notice' or higher to /var/log/tor/notices.logRunAsDaemon 1
## Uncomment this to start the process in the background... or use
## --runasdaemon 1 on the command line. This is ignored on Windows;
## see the FAQ entry if you want Tor to run as an NT service.ORPort 9001
## Required: what port to advertise for incoming Tor connections.DirPort 9030# what port to advertise for directory connections
## Uncomment this to mirror directory information for others. Please do
## if you have enough bandwidth.

ExitPolicy reject *:* # no exits allowed
This is necessary to run the TOR Node as a Relay only without the Exit-node functionality.

Nickname rasptorxxx # (you can chose whatever you like)
## A handle for your relay, so people don't have to refer to it by key.RelayBandwidthRate 100 KB # Throttle traffic to 100KB/s (800Kbps)RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
## Define these to limit how much relayed traffic you will allow. Your
## own traffic is still unthrottled. Note that RelayBandwidthRate must
## be at least 20 KB.
## Note that units for these config options are bytes per second, not bits
## per second, and that prefixes are binary prefixes, i.e. 2^10, 2^20, etc.

ControlPort 9051
## The port on which Tor will listen for local connections from Tor
## controller applications, as documented in control-spec.txt.
This is necessary for the Command Line Gui Tool TOR-ARM

After Changing of the settings you have to restart your Tor Server.

$ sudo /etc/init.d/tor restart

Now check if your Server is up and running. Check your logfile for a Success notice. $ cat /var/log/tor/log

If your installation and configuration was successful there should be a entry with "[notice] Tor has successfully opened a circuit. Looks like client functionality is working." . $ cat /var/log/tor/notices.logLook out for "[notice] Self-testing indicates your DirPort is reachable from the outside. Excellent."

Thanks, you are now volunteering to the TOR-Project. Karma Points are raising!

You should be able to find now your Tor-Relay on a Torstatus List after a few hours.

Installing the ARM - TOR Status Monitor

The anonymizing relay monitor (arm) is a terminal status monitor for Tor, intended for command-line aficionados, ssh connections, and anyone with a tty terminal. This works much like top does for system usage, providing real time statistics for:

It shows several useful informations.

the running tor-version

tor-flags

used ports

nickname if set

fingerprint of your node

uptime of your server

process id of tor

CPU usage of TOR and ARM process

memory usage of TOR process

bandwith and limits

in and outgoing bandwith monitor

events in logfiles

editing configuration

many many more

Installing TOR-ARM

You ned to set the Control Port in your Tor configuration file as described above! The Monitor Program needs this Port to control the tor-process and receive data. $ sudo apt-get install tor-arm

Starting$ sudo arm This starts arm as root, better is to start the Status Monitor with the user the TOR Server is using.[ARM_NOTICE] Arm is currently running with root permissions. This is not a good idea, andwill still work perfectly well if it's run with the same user as Tor (ie, starting with "sudo -udebian-tor arm").Start arm with the TOR user. $ sudo -u debian-tor arm